Privacy Policy

Djeed refers to the operator of djeed.com and DjeedX (the workspace product at djeedx.djeed.com). The operating entity is in the process of being incorporated in Switzerland. Until incorporation completes, the data controller for the purposes of Article 4(7) of the GDPR is the founder, reachable at the address below. This section will name the legal entity and its registered address as soon as incorporation completes.

For data customers upload into a DjeedX workspace, the customer organisation is the controller and Djeed acts as a processor — the terms of that relationship are in the Data Processing Agreement.

Contact for any data-protection question: privacy@djeed.com.

From visitors and account holders we may collect:

• Account data — name, email, password hash or OAuth identifier, profile image. Provided directly or via Google sign-in. Held by our identity provider, Clerk (see Sub-processors below).
• Lead-form submissions — fields you complete on the /request form or in the “Express interest” modal (name, email, organisation, role, free-text notes). Stored in a server-side key-value store and visible only to authorised staff.
• Workspace content (DjeedX) — forms you design, records you enter, attachments you upload, and the audit metadata around them. Processed on behalf of the customer organisation (see the DPA).
• Technical data — IP address, user-agent, page-load timing, and request logs retained for security and abuse prevention. Logs are kept for at most 30 days unless required for an active investigation.
• Cookies and local storage — strictly-necessary values for authentication, bot protection, and theme preference. See the Cookie Policy.

• Performance of a contract — to operate your account, deliver the DjeedX workspace, and serve subscribed datasets.
• Legitimate interest — to secure the service against abuse, improve stability, and respond to support requests.
• Consent — for any optional marketing email. You may withdraw consent at any time via the unsubscribe link.
• Legal obligation — to comply with court orders, tax, accounting, or regulatory requirements.

Personal data and customer workspace content are stored exclusively in the European Economic Area and Switzerland. Current hosts:

• Cloudflare — CDN, DNS, edge cache, R2 object storage, and KV for djeed.com lead submissions and dataset snapshots. Data-at-rest is configured for EU regions where the option is exposed.
• Infomaniak Public Cloud (Geneva, Switzerland) — DjeedX backend, PostgreSQL, Redis, container-hosted Neo4j, and object storage for backups and factory snapshots. Switzerland benefits from the European Commission's adequacy decision on Swiss data protection (renewed in January 2024).
• Clerk — identity and access management; customer accounts and sessions, with EU residency configured.

We engage the following sub-processors. Each is bound by a written agreement and processes personal data only on our documented instructions.

Some entries are listed as “engaged when…” — these are documented contracts that are not currently processing personal data. We update this page when activation status changes.

• Account data — for the duration of the account, plus 30 days after closure.
• Lead-form submissions — up to 24 months from submission, unless converted to an account.
• Workspace content — for the duration of the customer subscription, plus 30 days after termination during which the customer may export. After 30 days, deleted.
• Technical / request logs — up to 30 days.
• Audit log of record edits — for the lifetime of the workspace (compliance).
• Backups — encrypted at rest, daily rotation, 30- day retention window. Stored in Switzerland alongside primary storage.

Under the GDPR (and the Swiss revFADP, where it applies) you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate data
• Erase your data (the “right to be forgotten”)
• Restrict or object to processing
• Data portability — receive your data in a machine-readable format
• Withdraw consent for any consent-based processing
• Lodge a complaint with your local supervisory authority

Supervisory authorities you can complain to: in Switzerland, the Federal Data Protection and Information Commissioner (FDPIC, edoeb.admin.ch); in the EU/EEA, your country of residence's national data-protection authority.

• Transport-layer encryption (TLS 1.3) on every endpoint
• Encryption at rest for databases, object storage, and backups
• Tenant isolation per workspace inside DjeedX, enforced at the database layer
• Audit log for every record write
• Bot protection (Cloudflare Turnstile) on public forms
• Per-IP rate limits on authentication and AI assistant endpoints
• Dependency and vulnerability scanning on the deployment pipeline

Djeed is not directed at children under 16. If you become aware that a child has provided us with personal data, contact us at privacy@djeed.com and we will delete it.

We publish updates to this policy on this page. For material changes, we notify account holders by email at least 14 days before the change takes effect.